1271 matches found
Debian DLA-1748-1 : apache2 security update
Several vulnerabilities have been found in the Apache HTTP server. CVE-2019-0217 A race condition in mod_auth_digest when running in a threaded server could allow a user with valid credentials to authenticate using another username, bypassing configured access control restrictions. The issue was...
Important: httpd
Issue Overview: In Apache HTTP Server with MPM event, worker or prefork, code executing in less-privileged child processes or threads (including scripts executed by an in-process scripting interpreter) could execute arbitrary code with the privileges of the parent process (usually root) by manipulati...
EulerOS Virtualization 2.5.3 : python (EulerOS-SA-2019-1277)
According to the version of the python packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerability : - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc...
Security fix for the ALT Linux 8 package apache2 version 1:2.4.39-alt1
1:2.4.39-alt1 built April 3, 2019 Anton Farygin in task 226418 April 2, 2019 Anton Farygin - 2.4.39 - fixes: Apache HTTP Server privilege escalation from modules scripts. CVE-2019-0211 mod_auth_digest access control bypass. CVE-2019-0217 mod_ssl access control bypass. CVE-2019-0215 Apache httpd URL...
FreeBSD : Apache -- Multiple vulnerabilities (cf2105c6-551b-11e9-b95c-b499baebfeaf)
The Apache httpd Project reports : Apache HTTP Server privilege escalation from modules' scripts CVE-2019-0211 important mod_auth_digest access control bypass CVE-2019-0217 important mod_ssl access control bypass CVE-2019-0215 important mod_http2, possible crash on late upgrade CVE-2019-0197 low...
EulerOS 2.0 SP2 : python (EulerOS-SA-2019-1124)
According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC...
Security fix for the ALT Linux 9 package apache2 version 1:2.4.39-alt1
April 2, 2019 Anton Farygin 1:2.4.39-alt1 - 2.4.39 - fixes: Apache HTTP Server privilege escalation from modules scripts. CVE-2019-0211 mod_auth_digest access control bypass. CVE-2019-0217 mod_ssl access control bypass. CVE-2019-0215 Apache httpd URL normalization inconsistency. CVE-2019-0220...
Security fix for the ALT Linux 10 package apache2 version 1:2.4.39-alt1
April 2, 2019 Anton Farygin 1:2.4.39-alt1 - 2.4.39 - fixes: Apache HTTP Server privilege escalation from modules scripts. CVE-2019-0211 mod_auth_digest access control bypass. CVE-2019-0217 mod_ssl access control bypass. CVE-2019-0215 Apache httpd URL normalization inconsistency. CVE-2019-0220...
EulerOS 2.0 SP5 : python (EulerOS-SA-2019-1149)
According to the version of the python packages installed, the EulerOS installation on the remote host is affected by the following vulnerability : - Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding with an incorrect netloc during NFKC...
Apache 2.4.x < 2.4.39 Multiple Vulnerabilities
According to its banner, the version of Apache running on the remote host is 2.4.x prior to 2.4.39. It is, therefore, affected by multiple vulnerabilities: - A privilege escalation vulnerability exists in module scripts due to an ability to execute arbitrary code as the parent process by...
KLA12365 Multiple vulnerabilities in Apache HTTP Server
Multiple vulnerabilities were found in Apache HTTP Server. Malicious users can exploit these vulnerabilities to cause denial of service, bypass security restrictions, obtain sensitive information, execute arbitrary code. Below is a complete list of vulnerabilities: 1. Denial of service...
Apache -- Multiple vulnerabilities
The Apache httpd Project reports: Apache HTTP Server privilege escalation from modules' scripts CVE-2019-0211 important mod_auth_digest access control bypass CVE-2019-0217 important mod_ssl access control bypass CVE-2019-0215 important mod_http2, possible crash on late upgrade CVE-2019-0197 low...
CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are:...
Information disclosure
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are:...
DEBIAN-CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are:...
CVE-2019-9636
CVE-2019-9636 overview Python 2.7.x (up to 2.7.16) and Python 3.x (up to 3.7.2) are affected by improper handling of Unicode encoding during NFKC normalization, exposing information such as cookies and credentials cached for a hostname. The vulnerable components are urllib.parse.urlsplit and urll...
PSF-2019-9 urlsplit does not handle NFKC normalization
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are:...
UBUNTU-CVE-2019-9636
Python 2.7.x through 2.7.16 and 3.x through 3.7.2 is affected by: Improper Handling of Unicode Encoding (with an incorrect netloc) during NFKC normalization. The impact is: Information disclosure (credentials, cookies, etc. that are cached against a given hostname). The components are:...
PT-2019-4598 · Python +8
Name of the Vulnerable Software and Affected Versions: Python versions 2.7.x through 2.7.16 and 3.x through 3.7.2 Description: The issue is related to improper handling of Unicode encoding during NFKC normalization, which can lead to information disclosure, including credentials and cookies cache...
[SECURITY] Fedora 29 Update: syslog-ng-3.17.2-2.fc29
syslog-ng is an enhanced log daemon, supporting a wide range of input and output methods: syslog, unstructured text, message queues, databases (SQL and NoSQL alike) and more. Key features: receive and send RFC3164 and RFC5424 style syslog messages; work with any kind of unstructured data; receive and...